Immunity, Inc.
Name sol_printer_conf
CVE CVE-2008-2144
Exploit Pack CANVAS
Descriptionsol_printer_conf
NotesCVE Name: CVE-2008-2144
VENDOR: Sun
Advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-66-236884-1
Notes:

This exploit gets remote root on Solaris servers given a working printer
name.

Resolved by:
SPARC Platform

* Solaris 8 with patch 109320-20 or later
* Solaris 9 with patch 113329-19 or later
* Solaris 10 with patch 126672-02 or later

x86 Platform

* Solaris 8 with patch 109321-20 or later
* Solaris 9 with patch 114980-20 or later
* Solaris 10 with patch 126673-02 or later

Guessing the wrong printer gives a log message in /var/adm/messages
Jun 4 12:00:56 unknown bsd-gw[1979]: [ID 937800 lpr.error] request to printer (unknown printer) from ::ffff:192.168.172.1


Locally:
cat /var/spool/lp/system/pstatus

Will print out a list of printers. huhu2 is the printer name below:

+==========
huhu2
enabled accepting
1210965172 1210965198
new printer
new destination


Date public: 5/9/2008
CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2144
CVSS: 10.0

Learn more about the CANVAS Exploit Pack here: CANVAS